Hi We are testing out the netflow input plugin for logstash but cant seem to get logstash to output anything.
input {
udp { port => 1963
codec => netflow {
ipfix_definitions => "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-codec-netflow-2.1.0/lib/logstash/codecs/netflow/ipfix.yaml"
netflow_definitions => "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-codec-netflow-2.1.0/lib/logstash/codecs/netflow/ipfix.yaml"
}
}
}
output {
rabbitmq { host => "192.168.130.75"
user => "logstash" password => "********"
exchange => "logstash-exchg1"
key => "logstash-key1"
durable => true
exchange_type =>
direct vhost => "logstash"
persistent => true
}
}
/var/log/logstash/logstash.log
{:timestamp=>"2016-07-13T12:12:51.976000-0500", :message=>"No matching template for flow id 260", :level=>:warn}
{:timestamp=>"2016-07-13T12:12:51.980000-0500", :message=>"No matching template for flow id 266", :level=>:warn}
^^ keeps repeating..
and we also see ..
{:timestamp=>"2016-07-13T12:12:42.886000-0500", :message=>"Unsupported field", :type=>89, :length=>1, :level=>:warn}
Version:
logstash-2.3.4-1.noarch
logstash-codec-netflow version 2.1.1
data sources:
1 x ASR 9010 running IOSXR ver 5.3.3
1 x Nexus 6004 running NXOS ver 7.1(3)N1(2)
The messages never make it to rabbitmq, I also added a file output but it never gets written to. So my guess is logstash is not getting past the parsing the message state and to the output.
Any help is appreciated.
Thanks
Saqi